Description
Errors in Examples using auth0-python
I'm trying to use auth0 in Python to verify tokens from a React SPA authenticated using auth0. When copying the tokens from the frontend into Python and following the example, it doesn't work.
The tokens have been checked for format in JWT.io and in https://token.dev. They were also checked in the backend with jwt.get_unverified_claims and jwt.get_unverified_headers.
What was the expected behavior?
I was hoping to get https://token.dev, as per help.
Reproduction
- Step 1
from auth0.authentication import TokenVerifier, AsymmetricSignatureVerifier
ImportError: cannot import name 'TokenVerifier' from 'auth0.authentication' (/[...]/.venv/lib/python3.10/site-packages/auth0/authentication/__init__.py)
I had to grep the whole library to get a fix:
from auth0.authentication.token_verifier import TokenVerifier, AsymmetricSignatureVerifier
- Step 2
id_token = auth_result['id_token']
Since auth_result is introduced in a non-self-contained way (aka out of thin air), I was left to assume that it was the id_token returned by the POST to https://[domain]/oauth/token, as performed by the frontend and copied from the browser DevTools. This is a long string that was also verified on both aforementioned pages as containing my user data.
- Step 3
tv.verify(id_token)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/ricardo/Documents/Sandboxes/Python/.venv/lib/python3.10/site-packages/auth0/authentication/token_verifier.py", line 293, in verify
payload = self._sv.verify_signature(token)
File "/home/ricardo/Documents/Sandboxes/Python/.venv/lib/python3.10/site-packages/auth0/authentication/token_verifier.py", line 108, in verify_signature
secret_or_certificate = self._fetch_key(key_id=kid)
File "/home/ricardo/Documents/Sandboxes/Python/.venv/lib/python3.10/site-packages/auth0/authentication/token_verifier.py", line 142, in _fetch_key
return self._fetcher.get_key(key_id)
File "/home/ricardo/Documents/Sandboxes/Python/.venv/lib/python3.10/site-packages/auth0/authentication/token_verifier.py", line 230, in get_key
keys = self._fetch_jwks()
File "/home/ricardo/Documents/Sandboxes/Python/.venv/lib/python3.10/site-packages/auth0/authentication/token_verifier.py", line 198, in _fetch_jwks
self._cache_jwks(jwks)
File "/home/ricardo/Documents/Sandboxes/Python/.venv/lib/python3.10/site-packages/auth0/authentication/token_verifier.py", line 181, in _cache_jwks
self._cache_value = self._parse_jwks(jwks)
File "/home/ricardo/Documents/Sandboxes/Python/.venv/lib/python3.10/site-packages/auth0/authentication/token_verifier.py", line 214, in _parse_jwks
rsa_key = jwt.algorithms.RSAAlgorithm.from_jwk(json.dumps(key))
AttributeError: module 'jwt.algorithms' has no attribute 'RSAAlgorithm'. Did you mean: 'Algorithm'?
What am I doing wrong? This seems almost as if an update was partially made to the library and a few things were left behind.
For now, all I can do upon logging in in the SPA, is:
- decode the id_token;
- request user information based on the id_token name or email;
- generate a new JWT;
- use that as a bearer for all subsequent API calls.
Environment
- Ubuntu 22.10
- Python 3.10.7
- environment:
$ pip list --not-required
Package Version
------------ -------
auth0-python 4.0.0
cryptography 39.0.2
pip 23.0.1
python-jose 3.3.0
setuptools 67.6.0
wheel 0.40.0
- Version of this library used: 4.0.0
- Which framework are you using, if applicable: none, just CLI
- Other modules/plugins/libraries that might be involved: see pip list above
- Any other relevant information you think would be useful:
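
A check for the condition the Step 3 traceback points at: which installed distribution supplies the jwt module that token_verifier.py imports, and whether its jwt.algorithms exposes RSAAlgorithm. This is an added example, not code from the issue or from auth0-python; the function name diagnose_jwt_backend is hypothetical.

```python
import importlib
import importlib.metadata as md


def diagnose_jwt_backend(module_name="jwt"):
    """Report who provides `module_name` and whether RSA (RS256) support is present."""
    report = {"module": module_name, "importable": False, "file": None,
              "distributions": [], "cryptography": None,
              "has_rsa_algorithm": False}
    # Map the top-level import name back to installed distributions.
    # More than one entry means two packages compete for the same name.
    finder = getattr(md, "packages_distributions", None)  # Python 3.10+
    if finder is not None:
        try:
            report["distributions"] = sorted(set(finder().get(module_name, [])))
        except Exception:
            pass  # unreadable metadata; leave the list empty
    try:
        report["cryptography"] = md.version("cryptography")
    except md.PackageNotFoundError:
        pass
    try:
        mod = importlib.import_module(module_name)
    except ImportError:
        return report
    report["importable"] = True
    report["file"] = getattr(mod, "__file__", None)
    try:
        algs = importlib.import_module(module_name + ".algorithms")
    except ImportError:
        return report
    # PyJWT defines RSAAlgorithm only when it managed to import `cryptography`;
    # a different package installed under the name `jwt` will not have it either.
    report["has_rsa_algorithm"] = hasattr(algs, "RSAAlgorithm")
    return report


if __name__ == "__main__":
    for key, value in diagnose_jwt_backend().items():
        print(f"{key:18} {value}")
```

Run it with the same interpreter and virtual environment that produced the traceback; a result with importable True and has_rsa_algorithm False matches the AttributeError shown in Step 3.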